topic Re: Cross-Origin Request Blocked using mashup API in Integration, Extension & APIs

Cross-Origin Request Blocked using mashup API

pablolabbe — Wed, 25 Jul 2018 02:39:58 GMT

Hi,

I'm configuring a mashup to run from an IIS Server, instead of using the internal Qlik Sense server. Both on same machine but using different ports. IIS on 8080 and Qlik on 80.

When I open the url http://<nydomain.com>:8080/mashupsite the authentication is fine and the html elements are shown in the page as well but the qlik objects doens´t display.

After reviewing the developer console I found the errror below:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<mydomain.com>/resources/autogenerated/product-info.json?1532484125189. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I already added the tag Access-Control-Allow-Origin in the additional response headers parameter in the virtual proxy (default) but the error is still there.

The server is version June/2018 and using only the default virtual proxy using ticket and windows authentication.

Does anyone have a clue about how to solve this issue ?

Re: Cross-Origin Request Blocked using mashup API

Aiham_Azmeh — Wed, 25 Jul 2018 05:56:44 GMT

Hi pablolabbe‌,

This is a known issue and it should have been fixed before the June release, you should file a bug.

Re: Cross-Origin Request Blocked using mashup API

pablolabbe — Wed, 25 Jul 2018 19:55:59 GMT

Hi Aiham,

So this problem is also found in the most recent versions like February/2018 or April/2018 ?

Re: Cross-Origin Request Blocked using mashup API

Aiham_Azmeh — Thu, 26 Jul 2018 07:04:54 GMT

pablolabbe‌, no (or well it shouldn't) -

In June 2018 release our sense-client team implemented a better, faster and more performant build system, this implementation introduced this issue.

Re: Cross-Origin Request Blocked using mashup API

Anders-Nilsson — Sun, 29 Jul 2018 20:27:38 GMT

Hello Pablo ..

In the June 2018 release Qlik Sense Client (and mashups) are now fetching a few json files (languages and product info) from Qlik Sense Server.

If you are hosting your mashup from a different domain than where Qlik Sense Server is installed then you need to configure your virtual proxy and whitelist your mashups domain so that cross-origin requests are allowed.

try to add

http://<nydomain.com>:8080/

to your whitelist on the virtual proxy you're using.

Re: Cross-Origin Request Blocked using mashup API

pablolabbe — Tue, 31 Jul 2018 00:20:23 GMT

Hi Anders,

Already tried this, but it didn´t work.

Re: Cross-Origin Request Blocked using mashup API

BalaBhaskar_Qlik — Tue, 31 Jul 2018 09:11:41 GMT

May be, check this for properties specifications pertains, Cross-Origin Request:

Credentialed requests and wildcards

When responding to a credentialed request, the server must specify an origin in the value of the Access-Control-Allow-Origin header, instead of specifying the "*" wildcard.

Because the request headers in the above example include a Cookie header, the request would fail if the value of the Access-Control-Allow-Origin header were "*". But it does not fail: Because the value of the Access-Control-Allow-Origin header is "http://foo.example" (an actual origin) rather than the "*" wildcard, the credential-cognizant content is returned to the invoking web content.

Note that the Set-Cookie response header in the example above also sets a further cookie. In case of failure, an exception—depending on the API used—is raised.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials

Re: Cross-Origin Request Blocked using mashup API

royal_87 — Tue, 21 Aug 2018 06:16:04 GMT

In the server I have a virtual proxy with these setting and it works just fine

How do you change this in Qlik Sense Desktop where there is no QMC? I got the same error as Pablo when I develop localy on port 4848.

Re: Cross-Origin Request Blocked using mashup API

09999 — Wed, 12 Sep 2018 22:07:13 GMT

Hi Roy,

Were you able to resolve the issue with Qlik sense desktop? I am also having same issue.

thanks

Nagendra.

Re: Cross-Origin Request Blocked using mashup API

royal_87 — Thu, 20 Sep 2018 08:23:37 GMT

No I haven't. I reversed to previous qlik sense desktop version for the moment.

Re: Cross-Origin Request Blocked using mashup API

09999 — Thu, 20 Sep 2018 14:03:05 GMT

so after downgrading qlik sense desktop version were you able to get rid of this error? if so to what version you downgraded?

Re: Cross-Origin Request Blocked using mashup API

royal_87 — Fri, 21 Sep 2018 06:19:22 GMT

I don't get the error in april version and before.

Re: Cross-Origin Request Blocked using mashup API

rodolfoviolac — Sat, 22 Sep 2018 01:44:15 GMT

Hi pablolabbe‌ I fixed this issue setting the appropriate response header on server side, if you are using NodeJS you can use this lib https://github.com/expressjs/cors‌ if not you can just set the "Access-Control-Allow-Origin" : "*" to the response header!

Exemple of response allowing CORS using Express:

res.header("Access-Control-Allow-Origin", "*");

res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

Re: Cross-Origin Request Blocked using mashup API

paoloderegibus — Mon, 29 Oct 2018 10:18:37 GMT

Hello guys,

I was able to solve the cors issue for the desktop version using browsers add-ons.

For firefox I am using CORS everywhere: CORS Everywhere – Scarica l’estensione per Firefox (it)

For Chrome MoesIf CORS changer: Moesif Origin & CORS Changer - Chrome Web Store with the following settings since I my local dev-server answers on port 3000.

These add-ons will work only for the desktop version: you won't be able to connect to an actual QS server and use capability APIs.

If you are using an express local server to develop your app I suggest to take a look at this packege: http-proxy-middleware - npm. I am using it with the dev-server provided by create-react-app and I am able to connect to dektop APIs as well as Enterprise Server APIs, although it requires a bit of configuration.

Re: Cross-Origin Request Blocked using mashup API

sebastian_serva — Sat, 24 Nov 2018 21:50:43 GMT

Hi @Anders-Nilsson,

You're suggestion saved the day. I had the same issue, and by white listing the protocol + FQDN + port it solved the cross-domain issue + weird 'zone.js' error.

Can you explain a bit more in detail why this step is required? Before June 18 when you loaded js/qlik, it was also requiring multiple JS files and this white list entry was not needed. Is it because it's requiring JSON files?

Thanks again,

Seb.

Re: Cross-Origin Request Blocked using mashup API

KStreak — Thu, 03 Jan 2019 22:49:19 GMT

Hello All,

I am also facing this issue in Apr 2018 release Patch1. We are trying to integrate the mash-up inside sales force and getting this error, Tried by setting allo-access control but, it does not reflect when i verify in Chrome.

any help will be appreciated or Do we need to log a case with Qlik.

Re: Cross-Origin Request Blocked using mashup API

arodriguez5 — Thu, 24 Jan 2019 09:42:45 GMT

Hello All,

I get the same issue on qlik server june2018, any solution?

Virtual proxy

Access-Control-Allow-Origin: https://<mydomain>:4343
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token

Qlik and web serrver (IIS) in same server. please help

  Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<mydomain.com>/resources/autogenerated/product-info.json?1532484125189. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Re: Cross-Origin Request Blocked using mashup API

arodriguez5 — Wed, 06 Feb 2019 08:14:12 GMT

Nobody help me? any idea guys?

Re: Cross-Origin Request Blocked using mashup API

KStreak — Wed, 06 Feb 2019 20:45:55 GMT

I worked with QlikTech Support team to resolve this issue. Please watch how to solve CORS Issue https://www.youtube.com/watch?v=slM8ZOfjOBA

Re: Cross-Origin Request Blocked using mashup API

arodriguez5 — Fri, 22 Feb 2019 09:43:17 GMT

It stays the same problem, follow the video instructions and same problem...can you send your config (virtual proxys, server webapp config (headers) )...thx